Title: [187557] trunk/Source/WebCore
Revision
187557
Author
beid...@apple.com
Date
2015-07-29 14:26:59 -0700 (Wed, 29 Jul 2015)

Log Message

Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange.
<rdar://problem/21412186> and https://bugs.webkit.org/show_bug.cgi?id=147418

Reviewed by Chris Dumez.

No new tests (No known reproducibility)

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::responseReceived): When setting m_waitingForContentPolicy to true, make sure we have a FrameLoader.
(WebCore::DocumentLoader::detachFromFrame): Always explicitly call cancelPolicyCheckIfNeeded().
(WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Cancel the policy check if there is one.
(WebCore::DocumentLoader::cancelMainResourceLoad): Use cancelPolicyCheckIfNeeded().
* loader/DocumentLoader.h:

Diff

Modified: trunk/Source/WebCore/ChangeLog (187556 => 187557)


--- trunk/Source/WebCore/ChangeLog	2015-07-29 21:08:30 UTC (rev 187556)
+++ trunk/Source/WebCore/ChangeLog	2015-07-29 21:26:59 UTC (rev 187557)
@@ -1,5 +1,21 @@
 2015-07-29  Brady Eidson  <beid...@apple.com>
 
+        Crash in WebCore::DocumentLoader::stopLoadingForPolicyChange.
+        <rdar://problem/21412186> and https://bugs.webkit.org/show_bug.cgi?id=147418
+
+        Reviewed by Chris Dumez.
+
+        No new tests (No known reproducibility)
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::responseReceived): When setting to m_waitingForContentPolicy true, make sure we have a FrameLoader.
+        (WebCore::DocumentLoader::detachFromFrame): Always explicitly call cancelPolicyCheckIfNeeded().
+        (WebCore::DocumentLoader::cancelPolicyCheckIfNeeded): Cancel the policy check if there is one.
+        (WebCore::DocumentLoader::cancelMainResourceLoad): Use cancelPolicyCheckIfNeeded().
+        * loader/DocumentLoader.h:
+
+2015-07-29  Brady Eidson  <beid...@apple.com>
+
         Crash calling webSocket.close() from onError handler for blocked web socket.
         <rdar://problem/21771620> and https://bugs.webkit.org/show_bug.cgi?id=147411
 
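Review bot: the responseReceived entry reads "When setting to m_waitingForContentPolicy true"; reword to "When setting m_waitingForContentPolicy to true". It would also help to state that the ASSERT(frameLoader()) added there is debug-only, so the change that actually prevents the release-build crash is the explicit cancelPolicyCheckIfNeeded() call in detachFromFrame().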

Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (187556 => 187557)


--- trunk/Source/WebCore/loader/DocumentLoader.cpp	2015-07-29 21:08:30 UTC (rev 187556)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp	2015-07-29 21:26:59 UTC (rev 187557)
@@ -652,6 +652,7 @@
     }
 
     ASSERT(!m_waitingForContentPolicy);
+    ASSERT(frameLoader());
     m_waitingForContentPolicy = true;
 
     // Always show content with valid substitute data.
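Review bot: ASSERT(frameLoader()) only fires in debug builds, so in release this hunk does not change behaviour: if responseReceived() can run without a FrameLoader, m_waitingForContentPolicy is still set to true and the subsequent policy check is still started against a null frameLoader(). If that path is reachable, consider an early return (or bail-out to the caller) instead of, or in addition to, the assertion.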
@@ -950,6 +951,8 @@
 
     m_applicationCacheHost->setDOMApplicationCache(nullptr);
 
+    cancelPolicyCheckIfNeeded();
+
     // Even though we ASSERT at the top of this method that we have an m_frame, we're seeing crashes where m_frame is null.
     // This means either that a DocumentLoader is detaching twice, or is detaching before ever having attached.
     // Until we figure out how that is happening, null check m_frame before dereferencing it here.
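Review bot: the new cancelPolicyCheckIfNeeded() call is placed before m_frame is cleared, which is the right ordering, but the comment directly below says this method is seen running with m_frame already null. The helper guards on frameLoader() rather than on m_frame, so this relies on frameLoader() returning null (not dereferencing m_frame) in that state; worth confirming, or guarding the call with the same m_frame null check used below.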
@@ -958,8 +961,6 @@
         InspectorInstrumentation::loaderDetachedFromFrame(*m_frame, *this);
 
     m_frame = nullptr;
-    // The call to stopLoading() above should have canceled any pending content policy check.
-    ASSERT_WITH_MESSAGE(!m_waitingForContentPolicy, "The content policy callback needs a valid frame.");
 }
 
 void DocumentLoader::clearMainResourceLoader()
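Review bot: removing ASSERT_WITH_MESSAGE(!m_waitingForContentPolicy, ...) is consistent with the new helper, since cancelPolicyCheckIfNeeded() unconditionally clears the flag, but the assertion's message was the only place documenting that the content policy callback needs a valid frame. Suggest keeping a one-line comment above `m_frame = nullptr;` noting that the cancel call above guarantees no policy check is pending past this point.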
@@ -1468,18 +1469,23 @@
     setRequest(request);
 }
 
+void DocumentLoader::cancelPolicyCheckIfNeeded()
+{
+    if (m_waitingForContentPolicy && frameLoader())
+        frameLoader()->policyChecker().cancelCheck();
+
+    m_waitingForContentPolicy = false;
+}
+
 void DocumentLoader::cancelMainResourceLoad(const ResourceError& resourceError)
 {
     Ref<DocumentLoader> protect(*this);
     ResourceError error = resourceError.isNull() ? frameLoader()->cancelledError(m_request) : resourceError;
 
     m_dataLoadTimer.stop();
-    if (m_waitingForContentPolicy) {
-        frameLoader()->policyChecker().cancelCheck();
-        ASSERT(m_waitingForContentPolicy);
-        m_waitingForContentPolicy = false;
-    }
 
+    cancelPolicyCheckIfNeeded();
+
     if (mainResourceLoader())
         mainResourceLoader()->cancel(error);
 
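Review bot: cancelPolicyCheckIfNeeded() clears m_waitingForContentPolicy even when frameLoader() is null and cancelCheck() was therefore never issued, so a check the PolicyChecker still holds can outlive the loader's own bookkeeping; if that case is expected, a comment saying why it is safe would help. Separately, cancelMainResourceLoad() still dereferences frameLoader() unguarded in `ResourceError error = resourceError.isNull() ? frameLoader()->cancelledError(m_request) : resourceError;` before the guarded helper runs, so if a null FrameLoader is reachable on this path the crash moves up a few lines rather than going away.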

Modified: trunk/Source/WebCore/loader/DocumentLoader.h (187556 => 187557)


--- trunk/Source/WebCore/loader/DocumentLoader.h	2015-07-29 21:08:30 UTC (rev 187556)
+++ trunk/Source/WebCore/loader/DocumentLoader.h	2015-07-29 21:26:59 UTC (rev 187557)
@@ -336,6 +336,8 @@
 
         void clearMainResource();
 
+        void cancelPolicyCheckIfNeeded();
+
 #if ENABLE(CONTENT_FILTERING)
         void becomeMainResourceClientIfFilterAllows();
         void installContentFilterUnblockHandler(ContentFilter&);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes